Configuring Windows Sync
449
WARNING
There can only be a single sync agreement between the Directory Server environment
and the Active Directory environment. Multiple sync agreements to the same Active
Directory domain can create entry conflicts.
Figure 19.2. Multi-Master Directory Server - Windows Domain Synchronization
Directory Server passwords are synchronized along with other entry attributes because plain-text
passwords are retained in the Directory Server changelog. The
Password Sync
Service is needed
to catch password changes made on Active Directory. Without the
Password Sync
Service, it would
be impossible to have Windows passwords synchronized because passwords are hashed in Active
Directory, and the Windows hashing function is incompatible with the one used by Directory Server.
19.2. Configuring Windows Sync
19.2.1. Step 1: Configure SSL on Directory Server
To configure the Directory Server to run in SSL, see
Chapter 11, Managing SSL
. To configure SSL on
Active Directory, see the appropriate user documentation.
Use the
certutil
utility to create self-signed certificates or obtain and install certificates to enable
SSL; for more information, see
Section 11.3, “Using certutil”
.
The following certificates must be issued and installed on both the Directory Server and the Active
Directory sync peer:
• CA certificate, shared between the Directory Server and Active Directory
Содержание DIRECTORY SERVER 8.0
Страница 18: ...xviii ...
Страница 29: ...Configuring the Directory Manager 11 6 Enter the new password and confirm it 7 Click Save ...
Страница 30: ...12 ...
Страница 112: ...94 ...
Страница 128: ...110 ...
Страница 190: ...Chapter 6 Managing Access Control 172 4 Click New to open the Access Control Editor ...
Страница 224: ...206 ...
Страница 324: ...306 ...
Страница 334: ...316 ...
Страница 358: ...340 ...
Страница 410: ...392 ...
Страница 420: ...402 ...
Страница 444: ...426 ...
Страница 454: ...436 ...
Страница 464: ...446 ...
Страница 484: ...466 ...
Страница 512: ...494 ...
Страница 522: ...504 ...